Login:
Password:
Lost Password?
Print this article  |  E-mail this article  |  Comment on this article

Homeland Security: Patch Windows Now

By Ed Oswald, BetaNews

August 11, 2006, 12:13 PM

The Department of Homeland Security took the unusual step earlier this week of urging Windows users to apply a patch to protect themselves from possible worm attacks. The move was the first time that the department had instructed computer users to apply a security patch.

"Attempts to exploit vulnerabilities in operating systems routinely occur within 24 hours of the release of a security patch," it said in a statement. "This vulnerability could impact government systems, private industry and critical infrastructure, as well as individual and home users."

At issue is Microsoft patch 06-040, which involves a flaw in the Server Service function of Windows. Affecting all versions of the operating system after Windows 2000, a buffer overrun could open up a remote code execution risk that could result in a system takeover.

Various security firms also echoed the DHS' concerns. eEye Digital Security said that exploit code had been found in the wild, and that the vulnerability was being exploited in the wild as a "zero-day" attack. Unpatched systems run the risk of being infected by a worm attack, which is considered imminent, the companies added.

"McAfee supports the warning of the U.S. Department of Homeland Security and re-iterates its position that customers pay particular attention to this vulnerability and update their systems immediately," the security firm said in a news release.

At least one company, eEye, was providing a free vulnerability scanner to test systems for susceptibility to the issue.

The US Computer Emergency Readiness Team is working with Microsoft to minimize impact from the flaw, DHS said. The group also issued an alert through its National Cyber Alert System and informed federal Chief Information Officers and Chief Information Security Officers.

Government agencies have been required to inform the DHS of their patching status.

The US-CERT is recommending that users ensure their antivirus software is installed and up-to-date, and a firewall has been deployed and activated. Additionally, it recommended against opening e-mails and attachments from unknown sources, and it even warned against opening unexpected attachments from trusted contacts.

Add a Comment (76 Comments)

BetaNews reserves the right to remove any comment at any time for any reason. Please keep your responses appropriate and on topic. Foul language and personal attacks will not be tolerated.

Name (required):

E-mail (required):

Enter Your Comment:

By johnathanyew

edited Aug 12, 2007 - 11:52 AM

Keeping up with patches? A free utility to keep up with your windows patches without having to always do an autoupdate online... http://www.reviewingit.c...x.php/content/view/55/1/

Score: 0

By rrripley

edited Aug 12, 2006 - 4:38 AM

Ladies and Gentlemen:

Please don't mix cranberries, prunes and granola. Because if you do... we end up reading more "crappola" like the posted comments.

If you believe condoms... download the patch!

Score: 0

By mesiex

posted Aug 14, 2006 - 6:00 AM

Who is the cat and who is the mouse? Fear pays.

Score: 0

By TC17

posted Aug 13, 2006 - 11:04 PM

As if this is anything new. Obviously this is coming from the Bush administration and is just one of the many upcoming attempts before the election to instill fear into the public. Because the Republicans feel this is the only way they can get elected.

Windows has major backdoors/exploits all the time as it is.

Score: 0

By DatabaseBen

posted Aug 13, 2006 - 1:15 PM

patch? homeland security? nahhh......

I bet it's another so called "criticle" update but what it really is is a anti terrorism tracking program....

Or maybe NSA can't filter the billions of emails and chats and VoIP, so now it snared microsoft into violate our privacy.

ACLU.... We need u...... (again)

Score: 0

By PC_Tool

posted Aug 15, 2006 - 8:50 AM

Wow.

My first port in this topic was about folks just like you.

Tell me, what's it like living in constant paranoia? Get out much?

Score: 0

By wincement

posted Aug 14, 2006 - 9:43 PM

You retard.

Read the article about the worm that's spreading by this vulnerability.

The threat was (and is) real. Put your tinfoil hat back in the bomb shelter.

Score: 0

By maverick02

posted Aug 14, 2006 - 12:46 AM

idiot.. so homeland security secretly implements a tracking tool and passes it along to microsoft who then releases it as a patch, and instead of keeping quiet to not arouse suspicion of their secret anti terror tracking tool, they come out publicly telling the world to patch their systems, jeopardizing this 'secret' anti terror tracking patch program.. uh huh

I hope these conspiracy clowns dont patch their machines and then get infected with the worm haha.. then we'll get to hear another funny conspiracy theory about how President Bush was behind it all and purposely released the worm to force people to install the patch, which then would make their machines vulnerable to homeland security's anti terror tracking patch program...

Score: 0

By JacenSolo

posted Aug 14, 2006 - 2:01 AM

Some of us don't live our lives in fear of virii..

I don't use an active anti virus scanner. I will do one scan a month from my portable one (which is on my portable thumb drive), but I haven't had any problems. I don't see a reason to patch.

and unless microsoft releases a statement saying exactly what it does... for example (patches port 80 handling in IIS to close security hole) then I'll consider it.

but I have no idea what it does, so why patch?

Score: 0

By fewt

posted Aug 14, 2006 - 8:33 AM

"unless microsoft releases a statement saying exactly what it does... for example (patches port 80 handling in IIS to close security hole) then I'll consider it."

They have done that for years, go to their website and look for it.

"I don't use an active anti virus scanner."

Then you should turn off your computer, and never use one again IMHO.

Fools..

Score: 0

By maverick02

posted Aug 14, 2006 - 2:37 AM

you do that... its funny how some of these guys act like they're doing microsoft a favor by patching and unless begged, convinced, and maybe even bribed by microsoft, they won't patch their systems... of course these are the same clowns who blame microsoft for bad software even after a patch is released...

Score: 0

By Noremacam

posted Aug 13, 2006 - 7:33 PM

Hope you got lots of tinfoil

Score: 0

By cannie

posted Aug 13, 2006 - 4:14 AM

Security is a big danger for many who live from all kind of "patches".

Score: 0

By ASpellberg

posted Aug 13, 2006 - 2:15 AM

Do you truly think a democratic president in office at the time would've done any better? It's easy to say after the fact, but in truth I think in the long term we would have been worse off if we let the problem fester over there. At least we can hope that the seeds of democracy actually take root, and maybe this air of fanaticism will fade.

Score: 0

By sjc001

posted Aug 13, 2006 - 6:41 PM

The USA is not and has never been a democracy. Its a Constitutional Republic. The average person has too much say over the government in a democracy.

Score: 0

By PC_Tool

posted Aug 14, 2006 - 12:42 PM

Its a Representative Democracy.

http://en.wikipedia.org/...epresentative_democracy

There, fixed that for ya. ;)

Score: 0

By wincement

edited Aug 14, 2006 - 9:47 PM

I pledge allegiance to the flag of the United States of America, and to the Republic, for which it stands...

Yeah. You get it.

I know. I'm a jerk.

Kinda silly that no one can seem to agree what kind of governmental system our country has. It seems no one really knows.

Score: 0

By PC_Tool

posted Aug 15, 2006 - 8:48 AM

I gotta wonder why anyone would call this a republic.

Perhaps due top a complete *lack* of any specific defined roles?

http://en.wikipedia.org/wiki/Republic

Just because we call it a Republic in our schools every day, doesn't make it so.... (Maybe it just *stands* for a some wonderful, yet imaginary republic...)

Score: 0

By wincement

posted Aug 15, 2006 - 11:06 AM

(Maybe it just *stands* for a some wonderful, yet imaginary republic...)

ouch... =p

Score: 0

By Noremacam

posted Aug 13, 2006 - 7:35 PM

Pssst. The US government is a representative democracy, which is synonymous with "republic."

http://dictionary.reference.com/browse/republic (definition 2)

Score: 0

By sjc001

posted Aug 14, 2006 - 6:07 AM

Still not a true democracy. The found fathers didn't want that.

http://dictionary.reference.com/browse/democracy

Score: 0

By PC_Tool

posted Aug 14, 2006 - 12:48 PM

http://en.wikipedia.org/...epresentative_democracy

They may not have wanted it, but they got it.

Score: 0

By Railer

edited Aug 13, 2006 - 1:24 PM

I think a Republican [or Democratic] president who isn't a neocon puppet (see www.newamericancentury.org) might not have antagonized Muslims in quite the same way -- making things worse. My 2-cents...

Score: 0

By pickchevy

posted Aug 13, 2006 - 7:46 AM

Yeah, right. You're dreaming.

Score: 0

By maverick02

edited Aug 13, 2006 - 1:11 PM

Yeah Clinton was so much better... he prevented the 93 WTC bombing, prevented North Korea from attaining nukes, got peace in the middle east AND was going to foil the 9/11 plot since we all know it was in the workings for several years.... oh wait I was dreaming for a second :P

Lets try this again with Jimmy Carter.....

Score: 0

By utomo

edited Aug 12, 2006 - 10:42 PM

It is time for Autopatcher to release the full patch which include this update, to make it more efficient download a single patch instead of downloading separate patch.

Score: 0

By LongTabSigO

edited Aug 12, 2006 - 1:17 PM

Let me see if understand this:
The Bush Administration is so incompetent that it fouled up both the Katrina thing and Iraq/GWOT.

YET...

It is so incidious that it manufactured both the 9/11 attacks and set up a patch and enticed Microsoft to release malicious code to an unsuspecting public...

YET....
DHS is an incompetent "republican" organization.

Question: What flavor is that kool-aid?

Score: 0

By wincement

posted Aug 14, 2006 - 9:50 PM

You. Are. A. Moron.

By the way, why did Clinton blow up the federal building in Oklahoma City? He was president then, so it must have been his fault, right?

Score: 0

By fewt

edited Aug 12, 2006 - 4:55 PM

How is a hurricane hitting land 10 feet below sea level and destroying it the government's problem?

Did the government force people to buy land and live there?

No.

Hint: Don't live below sea level.

BOY, THAT WAS TOUGH.

Boy, you terrorists sure are flooding betanews with their anti-us drivel these days.

Score: 0

By PC_Tool

posted Aug 14, 2006 - 12:40 PM

Felt the same damn way about Grand Forks here in MN. They live in a friggin' flood zone.

It's been a flood-zone for centuries...

They didn't need relief, they needed a clue.

Loss of life sucks, no matter what, but stupid is stupid, consequences be damned.

Score: 0

By sjc001

posted Aug 13, 2006 - 6:42 PM

Its how they responded, or should I say didn't, afterwards thats the problem. They even told other nations, who were ready to offer aid on a moment's notice, to bugger off.

Score: 0

By fewt

posted Aug 13, 2006 - 8:41 PM

I went through three hurricanes a few years ago, you don't hear me crying.

'nuff said

Score: 0

By Noremacam

posted Aug 13, 2006 - 7:36 PM

Do you have a reference?

Score: 0

By marrix

posted Aug 12, 2006 - 10:16 AM

My only observation, and comment to the Bend Over Bush Boys is, does this fix call home? If so, nuff said!!!!

Score: 0

By JacenSolo

posted Aug 12, 2006 - 10:39 AM

I believe that call home thing was removed.

Score: 0

By tirpider

posted Aug 12, 2006 - 9:07 AM

So what.
so somebody with nothing better to do is going to terrorize me by taking over my porn machine?

It bothered me more when the vet's ss numbers were lost/stolen and found again.

Score: 0

By JacenSolo

posted Aug 12, 2006 - 5:13 AM

I'm not patching.

Score: 0

By RPrechter

edited Aug 11, 2006 - 11:52 PM

Sounds like another scare tactic to make Bush look like our indispensable terror-fighter, and I think the British plane-bomb scare could be, too.

Bush and Blair need a boost in the polls, so these things come along.

We don't need Homeland Security to tell us to use antivirus software.

Score: 0

By pickchevy

posted Aug 12, 2006 - 6:19 AM

Yes, and we can expect lots more of these scare tactics over the next several months.

Score: 0

By ASpellberg

edited Aug 12, 2006 - 2:24 AM

You're paranoia is really pathetic. Do you honestly think our commander in chief would intentionally orchestrate something like this just to win approval ratings? You should try living in the middle east and see how good you have it here, then maybe you can see how blind you really are...

Score: 0

By maverick02

posted Aug 12, 2006 - 2:28 AM

You just won the idiot of the year award...

Score: 0

By Noremacam

posted Aug 13, 2006 - 7:42 PM

Ditto totally.

It simply amazes me, that even when the adminstration gets something right, like the cooperation with UK in stopping the latest terrorist hijacking - even then, it's still a reason to bash bush.

People need to get over their bush derrangement syndrome and stop the rediculous conspiracy theories you people invent. I swear some of you people would make michael moore proud.

Score: 0

By Will Not

edited Aug 12, 2006 - 12:49 AM

Houseboat sounds like a good idea. Nice place for a sandbar. Don't invest cash in New Orleans the place is sinking. Hello !!! Nice OS Bill !!!

Score: 0

By wtfman1978

edited Aug 12, 2006 - 1:09 AM

WTF?! Now we need a government agency (as useless as department of homeland security, no less) to tell people they need to update the software running their personal computers?! Do something worthwhile, you F-ing morons - people (even those ignorant enough to use windoze) know how to respond to a software update notification.

Score: 0

By pickchevy

posted Aug 12, 2006 - 6:21 AM

Scare tactics is what they do and there will be plenty over the next months.

Score: 0

By PC Rat

edited Aug 11, 2006 - 7:05 PM

...

The PC Rat misses the old days when
something like this would've raised the
Homeland Security alert level from
navy blue to canary yellow !

...

The Computer Rodent

...

Score: 0

By zridling

posted Aug 11, 2006 - 4:53 PM

The republican Department of Homeland Security need to STFU and fix New Orleans. These guys are keystone cops, meanwhile George continues to clear brush while the world burns.

Score: 0

By sophist_dreams

posted Aug 11, 2006 - 6:22 PM

I don't know what new Orleans has to do with any of this but since I love a good Political troll; if the citizens of New Orleans are dumb enough to re elect a mayor who screwed up and stranded several thousand people on the City, I say screw 'em, let him fix the damn place.

Score: 0

By pickchevy

posted Aug 12, 2006 - 6:23 AM

That is the dumbest comment yet.

Score: 0

By Secret Agent Man

posted Aug 12, 2006 - 10:36 AM

I hate getting involved in political issues, but I hate it more when people ignore things to continue their Bush-bashing sprees: President Bush actually contacted the mayor and told him to evacuate the city. What did he do? Nothing.

I hardly see the relevance of New Orleans to the Dept. of Homeland Security asking people to patch their Windows PCs. Oh wait, yeah I do. "The administration said something! They're trying to trick/scare/delude us! We must let the world know this!"

Score: 0

By pickchevy

posted Aug 13, 2006 - 7:43 AM

Recent studies indicate that Bush supporters will believe any BS thrown at them just to continue supoporting their idiot.

Score: 0

By Secret Agent Man

posted Aug 14, 2006 - 9:12 AM

First, please define these recent studies.

Second, anyone who believes that every last person who supports the president blindly accept everything he says in does is only kidding themselves. On the other hand, anyone who believes that people you have don't exist are also kidding themselves.

Finally, your overly biased single-sentence response doesn't really convince me of anything.

Score: 0

By sophist_dreams

posted Aug 12, 2006 - 9:02 AM

you live in New Orleans or draw welfare right dip wad?

Score: 0

By fewt

posted Aug 11, 2006 - 6:10 PM

Why don't the people that lived in New Orleans fix New Orleans. Afterall, they were the ones that decided to live below sea level.

Score: 0

By zridling

posted Aug 12, 2006 - 4:29 PM

LMAO — wish you conservatives had the same logic to tell the Iraqis the same thing, and save us about $4 billion/week in tax money. Or maybe have said that about New Orleans before Bush spent $162 billion for nothing so far.

My point is that I don't need an incompetent [republican] government telling me what to do with my computer. These are the same republicans who lose another laptop with your data on it every week. Go figure. Jeebus.

Score: 0

By morriscox

posted Aug 14, 2006 - 11:33 AM

What does being Republican have to do with losing a laptop? Don't be stupid.

Score: 0

By fewt

posted Aug 12, 2006 - 4:59 PM

Sorry bubba, I'm not a "conservative". ;-)

I think we need to do a lot more damage over there than we have. We need to liberate Iraq by making it a state.

heh

Cry for us about your computer, a little louder I still can't hear you.

Wait, really I don't care.

heh

Score: 0

By PC_Tool

edited Aug 14, 2006 - 12:37 PM

I think we need to do a lot more damage over there than we have. We need to liberate Iraq by making it a state.

Not an opinion often heard.

It is unfortunate. I needs to be heard more. By folks who can actually *do* something about it.

Except I think "liberate" might be the wrong term. It's not technically correct. We shouldn't free them, we should conquer them.

/warmonger
/off-topic (like *way*)

Score: 0

By GCoder

posted Aug 11, 2006 - 2:26 PM

LOL@windummies

Score: 0

By cannie

posted Aug 11, 2006 - 2:24 PM

"Affecting all versions of the operating system after Windows 2000" I'd rather go back to NT or Windows 98 SE to feel really secure.

Score: 0

By wat0114

posted Aug 11, 2006 - 1:19 PM

If they are not required, why not disable the Server service and ports 139 and 445 (Windows Worms Door Cleaner)? I am in no way suggesting not to apply the critical patches. I did anyways, as always. Still, I can't help but wonder how much exploit grief could be minimized if more people were to run a modified (reduced) services profile and disable other unnecessary network services such as NetBIOS over TCP/IP, at least for those who don't run file sharing or messaging services.

Score: 0

By PC_Tool

posted Aug 11, 2006 - 12:20 PM

Funny how this actually sparked a 'Black Helicopter' crackpot theory on how the patch is actually a government backdoor. Hence why the Department of Homeland Security is pushing for it.

Gotta love paranoia.

Score: 0

By pickchevy

posted Aug 12, 2006 - 6:23 AM

Baaaaaaa...

Score: 0

By fewt

posted Aug 11, 2006 - 6:11 PM

I hadn't heard that one yet. That's pretty funny LOL.

Score: 0

By GCoder

posted Aug 11, 2006 - 4:13 PM

It just goes to show how much we trust the republican government now.

Bunch of liars

Score: 0

By rwinger

posted Aug 11, 2006 - 6:10 PM

those "liars" are keeping a bunch of crazy muslims from blowing your dumb a** up

oh wait i guess he made all that jihad stuff up to..

Score: 0

By walruz

posted Aug 12, 2006 - 2:20 AM

humm.. the "bunch of crazy muslims" wouldn't be so pissed off if those "liars" weren't bombing other countries for their oil. Stop watching CNN and get a life.

And yes, i don't think that we must patch our computers because the state says so.. 1984 anyone?

Score: 0

By maverick02

edited Aug 12, 2006 - 2:34 AM

oh and what country was being attacked during the WTC bombings of 93 and 2001?

And yeah gotta love that oil... $3 at the pumps and going up.. we sure went after oil, huh? I'm sure he has a conspiracy theory about that though. Another idiot...

Score: 0

By pickchevy

posted Aug 12, 2006 - 6:26 AM

Only an idiot would think that the country was invaded to GET oil. More like the invasion helps manipulate the price of oil.

Score: 0

By Paradise-FH-

posted Aug 11, 2006 - 12:43 PM

heh ... just remember it's only paranoia if you can reasonably disprove the theory. hence, roswell, the jfk assassination and hell in religion working for all these years.

Score: 0

By sophist_dreams

edited Aug 11, 2006 - 12:30 PM

You mean those guys in the black suits and dark glasses who showed up across the street after I installed this aren't from OUR govt? Hot damn.

Score: 0

By JSSBSEEJD

edited Aug 11, 2006 - 1:41 PM

Have to admire this double reverse anti psychology. Or as George W. would call it, what ?

Score: 0

By sophist_dreams

posted Aug 11, 2006 - 6:20 PM

George W or George Orwell?

Score: 0

By tirpider

posted Aug 12, 2006 - 9:15 AM

If this were Orwellian, 5 guys with a lot of papers would show up at each MS machine (and possibly a few more they saw along the way,) mess up the patch and turn us all in as friends of goldstien (or whatever his name was) when they found out the service/ports already locked down.

Score: 0

By Point Zero

edited Aug 12, 2006 - 7:02 PM

You guys should better know what you are talking about. I lived in Pakistan for over 4 years, and I can tell you, Television is still television over there, not a bunch of commercials and other spam glued together. 24 hours/day pure TV.

You Americans really don't know what you are missing.

Score: 0

By tirpider

posted Aug 12, 2006 - 9:52 PM

^ Friend of Goldstien ^

Score: 0

Jul 25 - 11:52 AM ET AOL axes weak properties, halts blogs in budget emergency

Jul 25 - 11:32 AM ET Verizon to announce FiOS rollout in New York City

Jul 25 - 10:49 AM ET Sprint hands keys for cellular towers to third-party

Jul 24 - 8:00 PM ET HP ends Voodoo business unit, but not Voodoo gaming PCs

Jul 24 - 5:40 PM ET The danger of DRM: Yahoo will remove keys for authorizing music playback

Jul 24 - 5:20 PM ET Facebook to integrate Microsoft Web search, search ads

Jul 24 - 5:09 PM ET Hitachi introduces third-gen Blu-ray camcorder

Jul 24 - 4:51 PM ET WD's new 10,000 RPM 2.5-inch drives still aren't for laptops

Jul 24 - 4:50 PM ET Scrabulous creators sued in United States by Hasbro

Jul 24 - 4:23 PM ET Windows Live for Mobile updated, but still missing calendar sync